General
-
Target
d323f2034ee22ad7b02394182f3d52456b3fb3a37bc0d1cea888c5a482c88a26.exe
-
Size
1.8MB
-
Sample
241009-s9554ssfnh
-
MD5
4906df588975aa33a2eed7c05a04ad74
-
SHA1
933f7c08c12fa78c7cf7efdfe9ed3dfb13a9cd1c
-
SHA256
d323f2034ee22ad7b02394182f3d52456b3fb3a37bc0d1cea888c5a482c88a26
-
SHA512
b5c3b2aceafc8e9300839f98404810ed9ced7406b2694a831bb0e6f3b83f027ece8b9ec7f2a47ce9b0b98cf9b2bff652aa44e9550a89a847e3c627a45f76e8b6
-
SSDEEP
49152:esS5yDUG8twLRbD4Utyl7pJTgG897+4fXGAjwjtSTS:eDI4Gi+Rf4Sm7p3M+rAssT
Malware Config
Extracted
lumma
https://clearancek.site
https://licendfilteo.site
https://spirittunek.store
https://bathdoomgaz.store
https://studennotediw.store
https://dissapoiznw.store
https://eaglepawnoy.store
https://mobbipenju.store
Targets
-
-
Target
d323f2034ee22ad7b02394182f3d52456b3fb3a37bc0d1cea888c5a482c88a26.exe
-
Size
1.8MB
-
MD5
4906df588975aa33a2eed7c05a04ad74
-
SHA1
933f7c08c12fa78c7cf7efdfe9ed3dfb13a9cd1c
-
SHA256
d323f2034ee22ad7b02394182f3d52456b3fb3a37bc0d1cea888c5a482c88a26
-
SHA512
b5c3b2aceafc8e9300839f98404810ed9ced7406b2694a831bb0e6f3b83f027ece8b9ec7f2a47ce9b0b98cf9b2bff652aa44e9550a89a847e3c627a45f76e8b6
-
SSDEEP
49152:esS5yDUG8twLRbD4Utyl7pJTgG897+4fXGAjwjtSTS:eDI4Gi+Rf4Sm7p3M+rAssT
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2